Regin Analysis

IOB - Indicator of Behavior (113)

Timeline

Language

en 108
ko 2
zh 2
es 2

Country

us 54
gb 44
cn 8
fr 2
in 2

Actors

Activities

Interest

Timeline

Type

Vendor

Product

PHP 16
Microsoft Windows 4
Vastal phpVID 2
Ashwebstudio Ashnews 2
HMS Ewon eCatcher 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Con | EPSS | CTI | CVE
1 | Host Discard Service privilege escalation | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Workaround | 0.01500 | 0.04 | CVE-1999-0636
2 | PHP Filename DirectoryIterator buffer overflow | 5.5 | 5.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00809 | 0.04 | CVE-2019-11045
3 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 3.44 | CVE-2020-12440
4 | Sonatype Nexus Repository Manager privilege escalation | 4.9 | 4.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00078 | 0.02 | CVE-2021-43961
5 | HP Enterprise LaserJet buffer overflow | 7.6 | 7.6 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00197 | 0.02 | CVE-2021-39238
6 | CKeditor Dialogs Plugin privilege escalation | 6.4 | 6.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00148 | 0.00 | CVE-2021-26271
7 | TYPO3 User Session weak encryption | 5.6 | 5.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00168 | 0.00 | CVE-2021-21339
8 | VMware vCenter Server Heartbeat Message privilege escalation | 5.3 | 4.6 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02214 | 0.02 | CVE-2015-1047
9 | PAM unix_chkpwd information disclosure | 5.3 | 5.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00042 | 0.00 | CVE-2005-2977
10 | st Module passwd directory traversal | 6.4 | 6.1 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00672 | 0.00 | CVE-2014-3744
11 | Vastal phpVID browse_videos.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01566 | 0.03 | CVE-2013-5312
12 | GitHub Actions Runner privilege escalation | 8.3 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00117 | 0.00 | CVE-2022-39321
13 | Oracle Database Server RDBMS Security/SQL*Plus information disclosure | 2.6 | 2.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00069 | 0.00 | CVE-2016-3562
14 | Oracle Solaris Common Desktop Environment format string | 8.3 | 7.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.00043 | 0.00 | CVE-2022-43752
15 | Dragon Path Bharti Airtel Routers Hardware BDT-121 Admin Page cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00053 | 0.04 | CVE-2022-28507
16 | HMS Ewon eCatcher privilege escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00074 | 0.00 | CVE-2021-33214
17 | Wamp Wamp64 privilege escalation | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00130 | 0.04 | CVE-2022-36565
18 | NVIDIA CUDA Toolkit SDK cuobjdump buffer overflow | 6.6 | 6.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00091 | 0.00 | CVE-2022-21821
19 | Siemens SIMATIC S7-400 Session Cookie httponly information disclosure | 5.3 | 5.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00096 | 0.02 | CVE-2016-8672
20 | Cisco Small Business Switches weak authentication | 8.4 | 8.4 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00243 | 0.04 | CVE-2018-15439

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 17.3.40.93 | | Regin | | 01/01/2021 | verified | High
2 | 18.159.0.1 | ec2-18-159-0-1.eu-central-1.compute.amazonaws.com | Regin | | 01/01/2021 | verified | Medium
3 | XX.X.X.X | x.x.x.xx.xxx.xxxx.xxx | Xxxxx | | 01/01/2021 | verified | High
4 | XX.XX.XXX.XX | | Xxxxx | | 01/01/2021 | verified | High
5 | XXX.XXX.XXX.XXX | xxxxxxx.xxxxxx.xx | Xxxxx | | 01/01/2021 | verified | High
6 | XXX.XX.XXX.XXX | xxxx.xxxxxxxx.xxxxxxxxxxxxx.xxx | Xxxxx | | 08/06/2021 | verified | High
7 | XXX.XXX.XX.XX | xxxx.xxxxxxxxxx.xxx | Xxxxx | | 08/06/2021 | verified | High

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (57)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /etc/passwd | predictive | Medium
2 | File | /etc/sudoers | predictive | Medium
3 | File | /exponent_constants.php | predictive | High
4 | File | actions.php | predictive | Medium
5 | File | adclick.php | predictive | Medium
6 | File | add_comment.php | predictive | High
7 | File | adminer.php | predictive | Medium
8 | File | xxxxxxx.xxx/xxxxxxxxxxxx.xxx | predictive | High
9 | File | xxxxxx_xxxxxx.xxx | predictive | High
10 | File | xxxxxxx.xxx | predictive | Medium
11 | File | x:\xxxxxx | predictive | Medium
12 | File | xxxxxx.xxx | predictive | Medium
13 | File | xxxxxx/xxx/x_xxx_xxx_xxxx_xxxx.x | predictive | High
14 | File | xxxxxxxxxx.x | predictive | Medium
15 | File | xxx/xxxx/xxx_xxxx.x | predictive | High
16 | File | xxx/xxxx/xxxx.x | predictive | High
17 | File | xxxxx.xxx | predictive | Medium
18 | File | xxxxxxxxx.xxxxxxxx.xxxxx.xxx.xxx | predictive | High
19 | File | xx_xxx_xx.x | predictive | Medium
20 | File | xxxxx.xxx | predictive | Medium
21 | File | xxxxx.xxx | predictive | Medium
22 | File | xxxxxxx.xxx | predictive | Medium
23 | File | xxx_xxx_xxxxxx.x | predictive | High
24 | File | xxx/xxxx/xxxxxx.x | predictive | High
25 | File | xxx_xxx.x | predictive | Medium
26 | File | xxxx/xxx/xxx_xxxx.x | predictive | High
27 | File | xxxx-xxxxxx.x | predictive | High
28 | File | xxxxx/xxxx/xxxxxxxx.xxx | predictive | High
29 | File | xxxx_xxxxxx | predictive | Medium
30 | File | xx-xxxxxxx/xxxxxxx | predictive | High
31 | File | _xxxxxx.xxx | predictive | Medium
32 | Library | /_xxx_xxx/xxxxx.xxx | predictive | High
33 | Argument | $_xxxxxx['xxxxx_xxxxxx'] | predictive | High
34 | Argument | xxx_xxxx | predictive | Medium
35 | Argument | xxxx_xxx | predictive | Medium
36 | Argument | xxx | predictive | Low
37 | Argument | xxxx_xxx | predictive | Medium
38 | Argument | xxxx | predictive | Low
39 | Argument | xxxxx | predictive | Low
40 | Argument | xxxx | predictive | Low
41 | Argument | xx | predictive | Low
42 | Argument | xxxxxxx | predictive | Low
43 | Argument | xxx_xxxxxxx | predictive | Medium
44 | Argument | xxxxxxxxxxxxx | predictive | High
45 | Argument | xxxxxxx | predictive | Low
46 | Argument | x_xx_x_x | predictive | Medium
47 | Argument | xxxxxxx_xx_xxxxxxx | predictive | High
48 | Argument | xxxx | predictive | Low
49 | Argument | xx_xxxx_xxxxxx_xxxxxxxxxx | predictive | High
50 | Input Value | %xx%xx | predictive | Low
51 | Input Value | %x/%x | predictive | Low
52 | Input Value | -x | predictive | Low
53 | Input Value | /../ | predictive | Low
54 | Input Value | xxxxxxxx/xxxxxxxx/xxxxxxxxx | predictive | High
55 | Input Value | xxxxxx | predictive | Low
56 | Network Port | xxx/xx (xxx xxxxxxxx) | predictive | High
57 | Network Port | xxx/xxxxx | predictive | Medium
